CVE-2014-8567

Published: 14 November 2014

The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data.

Priority

Medium

Status

Package Release Status
libapache2-mod-auth-mellon
Launchpad, Ubuntu, Debian
Upstream
Released (0.9.0)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(0.9.1-1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(0.9.1-1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
Patches:
Upstream: https://github.com/UNINETT/mod_auth_mellon/releases/tag/v0.8.1